#AxisOfEasy 231: North Korean Hackers Hijacked Windows Update To Infect PCs With Malware

Weekly Axis Of Easy #231

Last Week’s Quote was “Get your facts first, then you can distort them as you please.” Our winner was Les Leslie by answering Mark Twain.

This Week’s Quote: “A major source of objection to a free economy is precisely that it … gives people what they want instead of what a particular group thinks they ought to want. Underlying most arguments against the free market is a lack of belief in freedom itself.” …by???

THE RULES: No searching up the answer, must be posted to the blog – the place to post the answer is at the bottom of the post, in the comments section.

The Prize: First person to post the correct answer gets their next domain or hosting renewal on us.

Attention! We are now hiring in two roles, one in Dev and the other in support.
Check out the job descriptions here:



In this issue:

  • The Great Google Rug Pull
  • Dangerous banking Trojan discovered on 2FA Google Play App 
  • UKG hack disrupts payrolls for thousands of healthcare employers
  • Linux creator claims to be Bitcoin creator in the most geek way possible
  • Microsoft reveals details about epic record-breaking DDoS attack
  • North Korean hackers hijacked Windows Update to infect PCs with malware

Elsewhere online:

  • Facebook loses its bid to dismiss antitrust claims
  • Walmart files a trademark to provide cryptocurrency 
  • Apple warns that antitrust bills would increase risk
  • Microsoft launches a new ‘inclusiveness’ checker
  • Russia’s hackers use malicious traffic directions


The Great Google Rug Pull

Free services always come with a day of reckoning and now the time has run out for free workspace services from Google. Those with custom domains will either be automatically upgraded to a paid tier on Google, or they have to scramble to find an alternative.

That alternative may be right in front of you, as most domain packages here at easyDNS come with easyMail included.

Learn more here: https://easydns.com/blog/2022/02/01/the-great-google-rug-pull/


Dangerous banking Trojan discovered on 2FA Google Play App

A malicious two-factor authentication app that has been available for more than two weeks has been taken down from Google Play – but not before it had been downloaded more than 10,000 times.

According to a Pradeo report, the two-factor authenticator app was laced with the Vultur stealer malware, which is “a relatively new and advanced kind of malware that targets online banking interfaces to steal user credentials and other critical financial information.”

Installing the app installs the Vultur banking trojan on the compromised device, which then steals credit card and bank account information. By taking the open-source Aegis authenticator code and injecting malicious add-ons into it, the threat actors built a convincing, fully working application to disguise the malware dropper.

The report also urges users to immediately delete the app —called 2FA Authenticator— from their devices, since they remain at risk of banking-login theft and other attacks.

Read: https://threatpost.com/2fa-app-banking-trojan-google-play/178077/?web_view=true

UKG hack disrupts payrolls for thousands of healthcare employers

Millions of people are still experiencing disruptions a month after a ransomware attack knocked out Kronos Private Cloud, which hosts some of the nation’s most widely used workforce management software. Paychecks have come up short by hundreds or thousands of dollars as employers have struggled to manage schedules and track hours without the Kronos software.

It is not clear exactly when the affected employers will have access to their systems and data, even though Kronos maker Ultimate Kronos Group says all systems will be back up by the end of January.

For employers in the healthcare industry, the timing could hardly be more inconvenient. The Kronos outage has affected many hospitals and healthcare employers across the country, according to John Riggi, the American Hospital Association’s senior adviser for cybersecurity and risk.

Hospitals and employers of all sizes have been affected, from small rural hospitals to urban multi-hospital systems, and they are struggling to pay their workers accurately. Several employees have contacted their unions, used social media, or contacted local media outlets to report inaccurate paychecks.

Read: https://www.npr.org/2022/01/15/1072846933/kronos-hack-lawsuits

Linux creator claims to be Bitcoin creator in the most geek way possible

In what seems to be either a joke or a genuine claim, Linus Torvalds —Linux creator— may have changed a single line in the Linux kernel to indicate that he is Satoshi Nakamoto. The modification reads ‘Name = I am Satoshi.’

At first glance the line appeared to have been pushed by Torvalds himself, but it is unclear whether that was the case. On GitHub, users can fork repositories and make changes that appear to belong to the original repository’s owner.

Torvalds has long been the subject of speculation that he is Satoshi Nakamoto, the inventor of bitcoin. This is partly because he created Git, a project that inspired blockchain development, and partly because the circumstantial evidence makes him a top contender.

Read: https://www.trustnodes.com/2022/01/27/linus-torvalds-git-pushes-i-am-satoshi-to-linux-kernel

Microsoft reveals details about epic record-breaking DDoS attack

Last Tuesday, Microsoft revealed that an Azure cloud computing customer in Asia was the victim of a massive 3.47 Tbps DDoS attack in November 2021. The attack lasted about 15 minutes and involved more than 10,000 IoT (Internet of Things) devices from all over the world.

Microsoft’s report also notes a spike in DDoS attacks against the United States and India. The software and technology giant noted that DDoS activity has decreased in Europe, while Hong Kong has become a popular hacker hotspot.

Before Microsoft’s announcement on Tuesday, one of the largest DDoS attacks on record was a 2.3 Tbps attack in February 2020 against a customer of the Amazon Web Services (AWS) Shield DDoS protection service.

Read: https://www.hackread.com/microsoft-azure-customer-largest-tbps-ddos-attack/

North Korean hackers hijacked Windows Update to infect PCs with malware

The North Korea-based nation-state hacking group Lazarus is abusing the Windows Update service to distribute its malicious payload. According to Malwarebytes researchers, the phishing attacks began with malicious documents carrying job-themed lures that impersonated the American global security and aerospace company Lockheed Martin.

The document contained a malicious macro that, once the document was opened, executed base64-encoded shellcode to inject several malware components into the explorer.exe process.

Researchers Ankur Saini and Hossein Jazi noted that Lazarus uses the Windows Update client to execute its malicious DLL, a way of evading security detection mechanisms.

Malwarebytes laid out several pieces of evidence linking the attack to the Lazarus Group, including infrastructure overlap and document metadata. The researchers concluded that “the group keeps updating its toolset to evade security mechanisms. Even though they have used their old job theme method, they employed several new techniques to bypass detections.”

Read: https://thehackernews.com/2022/01/north-korean-hackers-using-windows.html
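To show the detection side of the technique described above, here is an added example that is not code from the newsletter, from Malwarebytes, or from the linked report: a small Python rule that scans process-creation events for the Windows Update client being handed a DLL that lives outside the Windows directories. The event field names follow Sysmon-style telemetry, the command-line switch names are taken from public LOLBin documentation rather than from this article, the trusted-directory allowlist is an assumption to tune per environment, and all sample events are constructed.

```python
"""Flag wuauclt.exe being used to load a DLL from an untrusted location.

Added example; not part of the AxisOfEasy post or the Malwarebytes research.
Assumptions: Sysmon-style field names (Image, CommandLine, ParentImage), the
publicly documented /UpdateDeploymentProvider and /RunHandlerComServer switches,
and a path allowlist that a real deployment would tune.
"""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample events; not real telemetry.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"Image": r"C:\Windows\System32\wuauclt.exe",
     "CommandLine": r"wuauclt.exe /detectnow",
     "ParentImage": r"C:\Windows\System32\svchost.exe"},
    {"Image": r"C:\Windows\System32\wuauclt.exe",
     "CommandLine": r"wuauclt.exe /UpdateDeploymentProvider C:\Users\alice\AppData\Local\Temp\wuaueng.dll /RunHandlerComServer",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Windows\System32\wuauclt.exe",
     "CommandLine": r'wuauclt.exe /UpdateDeploymentProvider "\\fileshare\public\drop me.dll" /RunHandlerComServer',
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r"rundll32.exe shell32.dll,Control_RunDLL",
     "ParentImage": r"C:\Windows\explorer.exe"},
]

# Directories from which a DLL handed to the update client is plausibly legitimate.
# Assumption: tune this list against your own baseline before relying on it.
TRUSTED_DLL_PREFIXES: Tuple[str, ...] = (
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
    "c:\\windows\\softwaredistribution\\",
)

# Captures the DLL argument, quoted (may contain spaces) or bare.
DLL_ARG = re.compile(r"/UpdateDeploymentProvider\s+(\"[^\"]+\"|\S+)", re.IGNORECASE)


def evaluate(event: Dict[str, str]) -> Optional[str]:
    """Return a reason string if the event matches the rule, else None."""
    image = event.get("Image", "").lower()
    cmd = event.get("CommandLine", "")
    if not image.endswith("\\wuauclt.exe"):
        return None  # only the Windows Update client is in scope
    if "/runhandlercomserver" not in cmd.lower():
        return None  # normal update activity does not use this switch
    match = DLL_ARG.search(cmd)
    if not match:
        return None
    dll = match.group(1).strip('"').lower()
    if dll.startswith(TRUSTED_DLL_PREFIXES):
        return None  # DLL sits in an allowlisted Windows directory
    return f"wuauclt.exe loading DLL from untrusted path: {dll} (parent: {event.get('ParentImage', '?')})"


def scan(events: List[Dict[str, str]]) -> List[Tuple[int, str]]:
    """Run the rule over a batch of events; returns (index, reason) pairs."""
    hits = []
    for idx, event in enumerate(events):
        reason = evaluate(event)
        if reason:
            hits.append((idx, reason))
    return hits


if __name__ == "__main__":
    for idx, reason in scan(SAMPLE_EVENTS):
        print(f"[ALERT] event {idx}: {reason}")
```

The path allowlist is a heuristic only: an attacker who can write into a Windows directory would pass it, so in production the rule should be paired with a signature or hash check on the referenced DLL and with the parent-process context the event already carries (an update client spawned by explorer.exe or cmd.exe rather than the service host is itself worth a look).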

Elsewhere online:

Startup HackerOne lands $49 million in Series E investment

Shipment-delivery scams: hackers’ favorite way to spread malware

Copyright: Google Drive flags folders containing only the number 1

US government aims to ban “surveillance advertising”

Critical bug in a core system service on all major Linux distributions

